Daily NCSC-FI news followup 2021-07-07

Out-of-Band (OOB) Security Update available for CVE-2021-34527

msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/ Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems.. Lisäksi:https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare. Lisäksi:

msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527. Lisäksi:

www.darkreading.com/endpoint/microsoft-releases-emergency-patch-for-printnightmare-flaw. Lisäksi:

www.bleepingcomputer.com/news/security/microsoft-pushes-emergency-update-for-windows-printnightmare-zero-day/. Lisäksi:

thehackernews.com/2021/07/microsoft-issues-emergency-patch-for.html. Lisäksi: isc.sans.edu/diary/rss/27610

Fake Kaseya VSA Security Update Drops Cobalt Strike

threatpost.com/fake-kaseya-vsa-update-cobalt-strike/167587/ A malware spam campaign is milking the Kaseya ransomware attacks against its Virtual System/Server Administrator (VSA) platform to spread a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike, researchers warn. Lisäksi:

www.bleepingcomputer.com/news/security/fake-kaseya-vsa-security-update-backdoors-networks-with-cobalt-strike

Kaseya VSA Limited Disclosure

csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ Last weekend we found ourselves in the middle of a storm. A storm created by the ransomware attacks executed via Kaseya VSA, using a vulnerability which we confidentially disclosed to Kaseya, together with six other vulnerabilities. Lisäksi:

csirt.divd.nl/cases/DIVD-2021-00011/

Researchers Learn From Nation-State Attackers’ OpSec Mistakes

beta.darkreading.com/threat-intelligence/researchers-learn-from-nation-state-attackers-opsec-mistakes? Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten. When security intelligence teams talk about human error, the conversation typically focuses on the victim of a cyberattack. What might they learn if they analyzed attackers’ mistakes instead?

EU Passes Emergency Law Allowing Tech Companies To Screen Messages For Child Abuse

www.forbes.com/sites/emmawoollacott/2021/07/07/eu-passes-emergency-law-allowing-tech-companies-to-screen-messages-for-child-abuse/ The European Parliament has approved emergency measures allowing internet companies to scan users’ private messages for material containing child sex abuse.

Tens of thousands scammed using fake Android cryptomining apps

www.bleepingcomputer.com/news/security/tens-of-thousands-scammed-using-fake-android-cryptomining-apps/ Scammers tricked at least 93, 000 people into buying fake Android cryptocurrency mining applications, as revealed by researchers from California-based cybersecurity firm Lookout. Lisäksi:

blog.lookout.com/lookout-unearths-android-crypto-mining-scams

US warns of action against ransomware gangs if Russia refuses

www.bleepingcomputer.com/news/security/us-warns-of-action-against-ransomware-gangs-if-russia-refuses/ White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so. Lisäksi:

www.zdnet.com/article/ransomware-us-warns-russia-to-take-action-after-latest-attacks

WildPressure APT Emerges With New Malware Targeting Windows and macOS

thehackernews.com/2021/07/wildpressure-apt-emerges-with-new.html A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Lisäksi:

threatpost.com/macos-wildpressure-apt/167606/. Lisäksi:

securelist.com/wildpressure-targets-macos/103072/

Dozens of Vulnerable NuGet Packages Allow Attackers to Target.NET Platform

thehackernews.com/2021/07/dozens-of-vulnerable-nuget-packages.html An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process.

ProtonMail, DuckDuckGo, others ask EU & US regulators to ban surveillance-based advertising

therecord.media/protonmail-duckduckgo-others-ask-eu-us-regulators-to-ban-surveillance-based-advertising/ A group of privacy-first tech companies, including the likes of ProtonMail, DuckDuckGo, Vivaldi, Tutanota, and Startpage, have published an open letter today asking EU and US regulators to take action and ban surveillance-based advertising.

Why I Love (Breaking Into) Your Security Appliances

threatpost.com/breaking-into-security-appliances/167584/ David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.

Bitcoin power plant is turning a 12, 000-year-old glacial lake into a hot tub

arstechnica.com/tech-policy/2021/07/bitcoin-power-plant-is-turning-a-12000-year-old-glacial-lake-into-a-hot-tub/ The fossil fuel power plant that a private equity firm revived to mine bitcoin is at it again. Not content to just pollute the atmosphere in pursuit of a volatile crypto asset with little real-world utility, this experiment in free marketeering is also dumping tens of millions of gallons of hot water into glacial Seneca Lake in upstate New York.

SideCopy cybercriminals use new custom Trojans in attacks against India’s military

www.zdnet.com/article/sidecopy-cybercriminals-use-custom-trojans-in-india-attacks On Wednesday, researchers from Cisco Talos said a recent surge in activity “signals a boost” in the APT’s development of techniques, tactics, and tools, with multiple, new remote access trojans (RATs) and plugins now in play.

Email fatigue among users opens doors for cybercriminals

www.bleepingcomputer.com/news/security/email-fatigue-among-users-opens-doors-for-cybercriminals/ Given the mass migration to remote work, more critical business data is being shared by email than ever before. Users can now receive hundreds of emails a day, and sifting through them is time-consuming and exhausting.

You might be interested in …

Daily NCSC-FI news followup 2019-10-27

TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines www.bleepingcomputer.com/news/security/trialworks-ransomware-attack-disrupts-court-cases-and-deadlines/ TrialWorks, one of the top-rated providers of legal case management software for law firms and attorneys, became the victim of a ransomware attack earlier this month. The ripples of disruption from this incident made it impossible for lawyers to access the legal documents hosted on TrialWorks […]

Read More

Daily NCSC-FI news followup 2020-11-20

Inside the Cit0Day Breach Collection www.troyhunt.com/inside-the-cit0day-breach-collection/ It’s increasingly hard to know what to do with data like that from Cit0Day. If that’s an unfamiliar name to you, start with Catalin Cimpanu’s story on the demise of the service followed by the subsequent leaking of the data. . I was curious as to how much of […]

Read More

Daily NCSC-FI news followup 2020-11-02

Oracle Releases Out-of-Band Security Alert us-cert.cisa.gov/ncas/current-activity/2020/11/02/oracle-releases-out-band-security-alert Oracle has released an out-of-band security alert to address a remote code execution vulnerabilityCVE-2020-14750in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. Read also: www.oracle.com/security-alerts/alert-cve-2020-14750.html Poliisille ilmoitettujen tietomurtojen määrä on liki tuplaantunut parissa vuodessa rikosten todellinen määrä on vielä suurempi […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.